Re: svnserve passwd plaintext

From: Duncan Murdoch <murdoch_at_stats.uwo.ca>
Date: 2006-07-15 19:02:31 CEST

On 7/15/2006 11:19 AM, Les Mikesell wrote:

> There are two real issues with plaintext passwords even if you
> trust the adminstrator. One is that vulnerabilities happen and
> files end up in the wrong hands in spite of the best intentions.
> The other is that it is human nature to reuse passwords. Even
> if you trust the admin with access to the subversion files you
> may not trust him to have access to other unrelated accounts
> where you might have used that same password.

David Anderson just posted some good advice: have the admin randomly
generate the password and tell it to the user. (svnserve requires the
admin to enter the password into the config file, so the admin may as
well generate it).

Duncan Murdoch

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Jul 15 19:03:52 2006

This message: [ Message body ]
Next message: gmu 2k6: "Re: svnserve passwd plaintext"
Previous message: gmu 2k6: "Re: initial setup one huge changeset or in pieces"
In reply to: Les Mikesell: "RE: svnserve passwd plaintext"
Next in thread: gmu 2k6: "Re: svnserve passwd plaintext"
Reply: gmu 2k6: "Re: svnserve passwd plaintext"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]